In the standard of 3rd generation wireless communication, GAA is a generic architecture which is used by a plurality of service entities to implement the verification of the user identity. The GAA may be used to check and verify the user identity of an application service. The plurality of application services includes multicast or broadcast service, user certification service, instant messaging service, and proxy service.
FIG. 1A is a diagram showing the structure of the GAA in the art. As shown in FIG. 1A, generally, the GAA includes a user, a bootstrapping service function (BSF) adapted to perform an initial verification for the user identity, a home subscriber server (HSS) and a network application function (NAF). The bootstrapping service function is referred to BSF and the network application function is referred to NAF for short as below. The BSF is adapted to implement a mutual authentication with the user. The process of the mutual authentication includes a mutually identity verification and a sharing key generation for the BSF and the user. The process of the mutual authentication is also referred to as a bootstrapping process or a Generic Bootstrapping Architecture (GBA) process. The user which is able to implement the GBA process with the BSF is referred to as a user having the GBA function. A profile file for describing user information is stored on the HSS and the HSS also has a function for generating authentication information. The NAF may represent different network service application entities. When a user intends to access a service, the user must visit a NAF corresponding to the service and communicate with the NAF. The interfaces among the entities are shown in FIG. 1A. The BSF is connected to the NAF through Zn interface. The user is connected to the BSF or the NAF via a user equipment (UE). The UE is connected to the BSF through Ub interface and to the NAF through Ua interface. In the present invention, the BSF, NAF, and HSS may be referred to as network side.
When a user intends to use a service, if the user knows that the service needs the GBA process in the BSF, the user may directly perform the GBA with the BSF; otherwise, the user may contact with the NAF corresponding to the service. If the NAF uses the GAA and finds that the mutual authentication has not been performed between the user and the BSF, the NAF informs the user to perform the GBA with the BSF, so as to authenticate each other.
The GBA between the user and the BSF includes: sending an authentication request to the BSF by the user; obtaining authentication information of the user from the HSS by the BSF, after receiving the authentication request; performing, by the BSF, the mutual authentication and a key negotiation and generating a sharing key Ks between the user and the BSF, after receiving the authentication information. In addition, the BSF defines a valid period, i.e. key lifetime, for the sharing key Ks so as to update the Ks periodically. The sharing key Ks is used as a root key for deriving a key for a secured communication.
Then, the BSF assigns a session identity (B-TID) to the user. The B-TID is associated with the Ks and may be used for indicating Ks, and the BSF sends the valid period of the Ks to UE.
When the user receives the B-TID, a connection request carrying the B-TID is resent to NAF. The user side obtains the derivation key Ks_NAF through a calculation based on Ks.
When the NAF receives the connection request, the NAF firstly queries whether the B-TID carried by the user is stored locally. If the B-TID can not be found locally, the NAF queries to the BSF. The query message includes the NAF identity (NAF_ID) and the B-TID. If the BSF cannot find the B-TID locally, the BSF informs the NAF that no information of the user exists and the NAF informs the user to perform the authentication with BSF again. After the BSF finds the B-TID, the BSF obtains the derivation key Ks_NAF of Ks with the same algorithm as that of the user side and sends a success response message to the NAF. The success response message includes the B-TID needed by the NAF, the derivation key Ks_NAF corresponding to the B-TID and the valid period of the derivation key configured by the BSF. After the NAF receives the success response message from the BSF, the NAF takes the user as a legal user, which passes the authentication of the BSF. Thus, the NAF and the user share the key Ks_NAF derived from the Ks.
Then, the NAF and the user implement the encryption communication through the Ks_NAF in the following communication.
When the user finds that the Ks is to be expired or the NAF requests the user to perform the authentication with the BSF again, the user may repeat the above steps and perform the authentication with the BSF again, so as to obtain a new sharing key Ks and derivation key Ks_NAF.
The GBA process includes a GBA_ME process and a GBA_U process. As for the GBA_ME process, the key Ks_NAF is generated and stored in Mobile equipment (ME). As for GBA_U process, two keys are generated, and one is a key of the USIM Integrated Circuit Card (UICC) in the ME, that is, Ks_int_NAF, the other is a key of the ME, that is, Ks_ext_NAF.
With the development of the network technology and the market impulse, network convergence becomes the focus in the field. In view of the feature development, the network convergence may make a user use any terminal device, such as mobile station, personal digital assistance (PC), and personal computer (PC), to access a network, such as WLAN, DSL, and GPRS, in any manner. Moreover, only one number is used and only one bill is generated. That means a user may have a plurality of terminal devices which share user information of one UE, such as user information corresponding to the ME and the UICC (the SIM of the GSM and the USIM on the UICC) of the UE. Thus, it is ensured that, not only the UICC or the ME can securely access the network but also other terminal devices can securely access the network through the UICC.
FIG. 1B is a diagram showing the GAA in which the NAF application client and the GBA client are separately located in different environment. As shown in FIG. 1B, a mobile user has a plurality of terminal device including a cell phone and other terminal devices, such as PC, WLAN UE, and PDA. These terminal devices use the same user information of one UE to access the network service. The NAF application client is not located on the UICC but on one or more peripheral terminal devices, except the UICC and the GBA client is located on the UICC.
In view of above, before the terminal device establishes a secure connection with the network, the terminal device must obtain related secret information from the UICC, so as to ensure that the terminal device may access the network or use corresponding service securely. In other words, secret information, such as information of the UICC for performing the mutual authentication between the terminal device and the network and key information required by the terminal device for using a service, needs to be communicated between the terminal device and the UICC. Thus, the security protection must be provided to the local interface UL0 between the terminal device and the UICC. Hence, it is ensured that the information communicated between the terminal device and the UICC will not be stolen or illegally obtained. The security of the whole network can be ensured only when the security of the local interface is ensured.
The terminal device is referred to as terminal for short as below. When a terminal intends to use an application and finds that the Ks_Local which corresponds to the application and is required by the communication with the UICC does not exist on the terminal, or finds that the Ks_Local which corresponds to the application and is required by the communication with the UICC exists on the terminal but the Ks_Local does not exist on the UICC, the terminal initiates a Ks_Local negotiation process. FIG. 2 is flow chart showing a process for negotiating a local interface key between the UICC and the terminal, and includes the following steps.
At Step 200, the terminal requests the UICC to perform a complete GBA process and a GBA_U process relating to the NAF key center, so as to generate related key information.
The NAF key center is a server adapted to negotiate the communication key between the terminal and the UICC.
At Step 200, through the GBA process and the GBA_U process, the sharing key Ks between the terminal/UICC and the BSF is negotiated. The Ks and the key Ks_int_NAF corresponding to the B_TID and NAF identity (NAF_ID) are stored in the UICC.
At Step 201, the terminal sends a request for the B_TID in connection with the Ks_int_NAF generated in the GBA process to the UICC.
The terminal carries the information required for deriving the Ks_Local, such as terminal identity (Terminal_ID) and application ID, in the request.
At Step 202, the UICC derives the Ks_Local using the Ks_int_NAF stored locally and the Terminal_ID received.
At Step 202, the UICC uses the Ks_int_NAF and related information from the terminal to derive the Ks_Local and stores the Ks_Local.
Step 202 may also be performed after step 210.
At Step 203, the UICC sends the B_TID in connection with the Ks_int_NAF to the terminal. Optionally, the NAF_ID may also be included.
At Step 204, the terminal implements the mutual authentication with the NAF and establishes a tunnel. For example, a tunnel based on Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) may be established in the manner of certificate. The implementation of the tunnel is already known by those skilled in the art, and repeated descriptions thereof are omitted herein.
At Step 205, the terminal sends a local key establishment request to the NAF key center via the HTTPS tunnel.
The local key establishment request carries the Terminal_ID and the B_TID obtained. Optionally, other information such as the NAF_ID may also be carried.
At Step 206, the NAF sends a request carrying the B_TID and the NAF_ID of the NAF to the BSF.
At Step 207, the BSF sends a response carrying the Ks_int_NAF and other information, such as the key lifetime, of the Ks_int_NAF to the NAF.
At Step 208, after the NAF determines that the terminal can access the network through the UICC according to the Terminal_ID, the NAF derives the Ks_Local with the same algorithm as that in the UICC using Ks_int_NAf and other related information, and defines a key lifetime for the Ks_Local.
At Step 209, the NAF sends the derived Ks_Local and the key lifetime of the Ks_Local to the terminal.
At Step 210, the terminal stores the Ks_Local and the key lifetime of the Ks_Local received.
To this end, the terminal and the UICC share the Ks_Local and implement a secure communication with the Ks_Local.
The problem in the conventional method for negotiating the Ks_Local between the UICC and the terminal is as follows.
The Ks_Local is derived from the Ks_int_NAF. During the key lifetime of the Ks_int_NAF, when the terminal loses the Ks_Local for the reason that the communication with the network side is interrupted due to a certain reason such as Power Off, a complete negotiation process shown in FIG. 2 is to be implemented in the case that the terminal reinitiates the application corresponding to the Ks_Local. However, the Ks and the related derived key stored in the UICC are not expired. If a new Ks_Local is negotiated according the flow chart shown in FIG. 2, a complete GBA process is to be implemented although the original Ks is still valid. Thus, the original Ks and the derived Key are not made a full use. Moreover, a cumbersome process is caused and the resources are wasted.
In the prior art, it is allowed that an existing Ks and a derived key are used to derive a Ks_Local again. In other words, when the Ks_Local between the terminal and the UICC is invalid or is to be invalid but the Ks_int_NAF for deriving the Ks_Local is valid, the Ks_int_NAF is used to derive the Ks_Local again. However, because the parameters for calculating the key are the same as that for negotiating the lost Ks_Local, the newly derived Ks_Local is the same as the previously derived Ks_Local. Thus, the security level between the UICC and the terminal is lowered.